• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Tutorials - HowTo › How to remove Live Enterprise Suite (Uninstall instructions)

How to remove Live Enterprise Suite (Uninstall instructions)

Myantispyware team January 27, 2010     No Comment    

Live Enterprise Suite is a rogue antispyware program. It is a clone of Internet Antivirus Pro, which is also a rogue antispyware application. Live Enterprise Suite usually distributed through the use of trojans that come from malicious websites that pretend to be online malware scanners. When the trojan is started, it will download and install Live Enterprise Suite onto your computer.

During installation, Live Enterprise Suite will be configured to run automatically each time you logon into Windows. Once started, the fake security application will run a system scan and labels legitimate Windows files and not existing files as infections that will not be fixed unless you first purchase the program. Important to know, all of these reported infections are fake, so you can safely ignore the scan results that Live Enterprise Suite gives you.

The same trojan that installs Live Enterprise Suite will also install a variant of trojan TDSS that may block user access to security websites and hijack search engines results. Last, but not least, while Live Enterprise Suite is running, you will be shown a fake Windows Security Center, nag screens, fake security alerts and notifications from Windows task bar. An example:

System Alert
Your PC is still infected with dangerous viruses. Activate
antivirus protection to prevent data loss and to avoid the
theft of your credit card details. Click here to activate
protection.

However, all of these alerts and pop-ups are a fake and like scan false results should be ignored! If you are infected with Live Enterprise Suite, then use these removal instructions below, which will remove Live Enterprise Suite and any other infections you may have on your computer for free.

More screen shoots of Live Enterprise Suite



Symptoms in a HijackThis Log

O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Run: [Live Enterprise Suite] “C:\program files\Internet Antivirus Pro\IAPro.exe” /s
O4 – HKCU\..\Policies\Explorer\Run: [inandorand] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\atoutfor.exe
O4 – HKCU\..\Policies\Explorer\Run: [] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\atoutfor.exe
O23 – Service: Guard Service (HTGrdEngine) – Unknown owner – C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe

Use the following instructions to remove Live Enterprise Suite (Uninstall instructions)

Download TDSSKiller from here and unzip to your desktop.

Open TDSSKiller folder and double click the TDSSKiller icon. When the scan is finished, you will see window similar to the one below.


TDSSKiller

Close all programs and press Y key.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Live Enterprise Suite infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Live Enterprise Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Live Enterprise Suite creates the following files and folders

%UserProfile%\Application Data\Live Enterprise Suite\settings.ini
%UserProfile%\Application Data\Live Enterprise Suite\uill.ini
%UserProfile%\Application Data\Live Enterprise Suite\unins000.exe
%UserProfile%\Application Data\Live Enterprise Suite\db\config.cfg
%UserProfile%\Application Data\Live Enterprise Suite\db\Timeout.inf
%UserProfile%\Application Data\Live Enterprise Suite\db\Urls.inf
C:\Program Files\Internet Antivirus Pro
C:\Program Files\Internet Antivirus Pro\db
C:\Program Files\Internet Antivirus Pro\Languages
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro
%UserProfile%\Application Data\Live Enterprise Suite
%UserProfile%\Application Data\Live Enterprise Suite\db
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\program files\Internet Antivirus Pro\IAPro.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
C:\Program Files\Internet Antivirus Pro\activate.ico
C:\Program Files\Internet Antivirus Pro\Explorer.ico
C:\Program Files\Internet Antivirus Pro\unins000.dat
C:\Program Files\Internet Antivirus Pro\uninstall.ico
C:\Program Files\Internet Antivirus Pro\working.log
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver
C:\Program Files\Internet Antivirus Pro\db\ia080614.db
C:\Program Files\Internet Antivirus Pro\db\lists.ini
C:\Program Files\Internet Antivirus Pro\db\WMILib.dll
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
C:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini

Live Enterprise Suite creates the following registry keys and values

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\htgrdengine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\567 1.4.2.0_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\live enterprise suite
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\addontemplatesdir
HKEY_CURRENT_USER\SOFTWARE\Microsoft\FTP\searchdir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\realdebugger

Rogue Anti Spyware Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

V-news1.online
How to remove V-news1.online pop-ups (Virus removal guide)
unwanted ads
How to remove Dexchangegenius.com pop-up redirect (Virus removal guide)
Z-news4.online
How to remove Z-news4.online pop-ups (Virus removal guide)
New Finder redirects
How to uninstall New Finder extension from Chrome, Firefox, IE, Edge
Recruismsch.top
How to remove Recruismsch.top pop-ups (Virus removal guide)

Follow US

Search

Useful Guides

How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
remove android virus
How to remove virus from Android phone
How to reset Google Chrome settings to default
How to reset Internet Explorer settings to default
Best free malware removal tools
Best Free Malware Removal Tools 2020

Recent Posts

How to remove PcsSecure (Removal instructions)
How to remove APcSafe (Uninstall instructions)
How to remove Desktop Security 2010 (Uninstall instructions)
How to remove ProtectSoldier (Removal guide)
How to remove APcSecure (Uninstall instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.